Archive for the ‘Malware’ Category


Thank you for continuing to demonstrate your support of Dear Drebit. While we are no longer updating the content found on this blog, we hope you continue to find value in it, as most of these posts contain important information that will help provide guidance in your own personal and professional lives. Please feel free to search through the archived topics for great tips and insight from our team of industry professionals.

If you would rather read something a little more recent, then join us over at www.reacpa.com. Our article library features a wide variety of informative and current content – all of which will help you overcome many of the challenges you find yourself facing every day.


These days it’s not uncommon for our lives and our businesses to be managed almost entirely online. From our communications and calendars to our thermostats and security systems, the internet may have made us more efficient, but it has also made us more vulnerable. And these days, the safety of our networks and databases is never guaranteed – a lesson that was made abundantly clear after last week’s massive cyberattack.

Weak Usernames, Passwords Are (Once Again) To Blame

As most of you already know, some of your favorite websites took a hit last week. And as much as you may have wanted to take to Twitter to vent your frustration – you couldn’t. So, what happened? Once again, weak usernames and passwords were to blame although, unlike in the past, individual users weren’t the primary culprits. According to United States security researchers, hackers utilized common electronic devices, such as DVRs, webcams and digital recorders, to execute a complex internet-wide attack. The massive distributed denial-of-service (DDoS) attack was made possible by weak default usernames and passwords found in the internet-connected hardware.

The attack was carried out by a Mirai botnet. Mirai is designed to scan the internet for poorly secured products and then access them through easily guessable passwords like “admin” or “12345.” Earlier this month, after the botnet’s source code was released to the hacker community and security experts gained access to it, it was discovered that the botnet was designed to try a list of more than 60 combinations of user names and passwords. Officials with Level 3 Communications, a provider of internet backbone services, estimate this recent attack was also the result of a Mirai malware attack that infected more than 500,000 devices.

Unlike botnets that typically rely on PCs, Mirai malware targets internet-connected devices that have weak default passwords, making them easy to infect, said Michael Kan, a correspondent for PCWorld. More botnets like Mirai will appear unless the hardware industry can move away from default passwords. Hangzhou Xiongmai Technology Co Ltd, a Chinese electronics component manufacturer, said that because its products inadvertently played a role in last week’s cyberattack, it will recall some of the products it sold in the U.S. The company said the security flaws associated with its products were patched in September 2015 and that its devices now ask customers to change the default password when used for the first time. However, products running older versions of the firmware are still vulnerable. Users with older versions of the company’s products can still protect themselves by updating their product’s firmware and changing the default username and password, or by simply taking their products offline by disconnecting them from the internet.
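The credential-guessing behaviour described above leaves a recognisable trace in a device's login log: one source trying several different user names in quick succession. The Python below is an added example, not part of the original post or any vendor's tooling; it flags that pattern and reports when a guessing source then logs in successfully. The log layout, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout (constructed for this example, not a real product's format):
#   <UTC timestamp> <service> <login_failed|login_ok> src=<ip> user=<name>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\S+) (?P<event>login_failed|login_ok) "
    r"src=(?P<src>\S+) user=(?P<user>\S+)$"
)

WINDOW = timedelta(seconds=60)  # assumption: look-back window for failures
MIN_FAILURES = 5                # assumption: tune to the device's normal noise
MIN_DISTINCT_USERS = 3          # a person mistyping a password reuses one name

# Constructed sample input (documentation IP ranges, invented accounts).
SAMPLE_LOG = """\
2016-11-01T11:10:01Z telnet login_failed src=203.0.113.7 user=root
2016-11-01T11:10:02Z telnet login_failed src=203.0.113.7 user=admin
2016-11-01T11:10:03Z telnet login_failed src=203.0.113.7 user=support
2016-11-01T11:10:04Z telnet login_failed src=203.0.113.7 user=admin
2016-11-01T11:10:05Z telnet login_failed src=203.0.113.7 user=root
2016-11-01T11:10:06Z telnet login_ok src=203.0.113.7 user=admin
2016-11-01T11:12:00Z ssh login_failed src=198.51.100.20 user=alice
2016-11-01T11:12:20Z ssh login_failed src=198.51.100.20 user=alice
2016-11-01T11:12:40Z ssh login_ok src=198.51.100.20 user=alice
this line is malformed and is skipped
""".splitlines()


def parse(line):
    """Return (timestamp, event, source, user), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["event"], m["src"], m["user"]


def detect(lines):
    """Map each guessing source to the account it later logged in as (or None)."""
    recent = defaultdict(deque)  # src -> failures (ts, user) still inside WINDOW
    findings = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, event, src, user = rec
        failures = recent[src]
        # Drop failures that have aged out of the look-back window.
        while failures and ts - failures[0][0] > WINDOW:
            failures.popleft()
        if event == "login_failed":
            failures.append((ts, user))
            distinct_users = {u for _, u in failures}
            if len(failures) >= MIN_FAILURES and len(distinct_users) >= MIN_DISTINCT_USERS:
                findings.setdefault(src, {"guessing": True, "compromised_user": None})
        elif src in findings and findings[src]["compromised_user"] is None:
            # A successful login from a source already seen guessing: treat the
            # device as compromised until its password and firmware are reset.
            findings[src]["compromised_user"] = user
    return findings


if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, info)
```

A source that trips the detector and then logs in successfully points to a device that still has a guessable password and should be taken offline until it is updated.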

Protect Your Devices

Do you own a device that connects to the internet? Take the following precautions to prevent a hacker from infiltrating your system:

Check for updates regularly.

The first time you pull your device out of the package, change the password.

Disable features and services that you don’t need or won’t use.

Turn off your devices when they aren’t in use.

Pay close attention to your privacy settings.

Protect Your Cloud-Based Data

A lot of times, individuals and businesses will consider cloud-based data storage solutions to be more secure, but the way I see it, if it’s online, it can be hacked – regardless of how many safety protocols you may have in place. Criminals continue to look for new ways to infiltrate our online devices; therefore, it is reasonable to assume that they are looking for cracks in cloud-based security solutions as well. This article will give you more insight into the risks you may be taking on if you were to move all your data to the cloud.

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Keep reading to find out how you can help the FBI combat the threat of Ransomware.

The FBI recently released a public service announcement urging victims of Ransomware attacks to come forward and report these cyber infections to federal law enforcement. Doing so, the FBI said in a statement, will “help us gain a more comprehensive view of the current threat and its impact on U.S. victims.”

A Closer Look At Ransomware

Ransomware is a computer infection programmed to encrypt all files of known file types on your computer and your server’s shared drive, making them inaccessible until a specified ransom is paid. It is a very real threat to all businesses nationwide. Once a computer is infected, which usually happens when a user clicks on a malicious link, opens a fraudulent email attachment or unknowingly picks up a high-risk automatic download while surfing the web, it’s all but impossible to regain access to the data that has been infected. Upon discovering that your computer has been infected, you have two choices. You can either:

1) Restore the machine by using backup media, or

2) Accommodate the hacker’s demands and pay their ransom.

And both options are less than ideal.

What To Do If Your Company’s Network Becomes Infected

Ransomware infections were at an all-time high in the first several months of 2016, according to various cybersecurity companies, and because new Ransomware variants are emerging regularly, the FBI needs your help to determine the true number of Ransomware victims.

“It has been challenging for the FBI to ascertain the true number of Ransomware victims as many infections go unreported to law enforcement,” the agency stated in its recent announcement. “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”

Reporting a Ransomware attack on your company’s network is not only beneficial for you; the information you provide will also help the FBI as it works to identify ways to prevent future attacks. Your reports will:

Provide law enforcement with a greater understanding of the threat

Help justify Ransomware investigations

Contribute relevant information to ongoing Ransomware cases

Help Arm The FBI With Information

The recent PSA released by the agency requests that all Ransomware victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center. Be sure to have the following details available and ready to provide to the respondent when prompted (if applicable).

Date of Infection

Ransomware Variant (identified on the ransom page or by the encrypted file extension)

Victim Company Information (industry type, business size, etc.)

How the Infection Occurred (link in e-mail, browsing the Internet, etc.)


I am regularly asked by clients, friends and family whether they should be concerned with storing their data in a cloud-based environment. My answer: Absolutely.

Even though cloud-based data storage solutions are managed by storage and security professionals (at least hopefully), there’s really no way to determine whether their authentication policies and data security procedures are always in line with industry standards. Because I’m acutely aware of these standards and best practices, I would have a hard time entrusting a cloud-based data storage enterprise with copious amounts of my company’s sensitive information.

At the end of the day, your company’s data and the data you collect is your responsibility. Therefore, your IT team is ultimately responsible for verifying whether it’s properly secured and whether a proper authentication protocol is in place to ensure that those accessing data are approved to do so. When you work with a cloud-based data storage solutions business, your control over data security procedures is significantly limited.

And just because we haven’t heard much about these types of breaches in the past, doesn’t mean they don’t happen. Consider, for example, the latest “mega-breach,” that has affected millions of Dropbox users.

The Dropbox Breach

According to reports, more than 68 million Dropbox user accounts and associated information, including user names and passwords, were discovered online. The company said Dropbox user information stolen by hackers and distributed via the Internet was the result of a previously disclosed data breach from 2012. Unfortunately, the company and the company’s users are still being hurt by this attack. In response, Dropbox said in a statement that it was forcing password resets.

“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, head of trust and security for Dropbox. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

Protect Your Data To Protect Your Company

Most professionals in the data security field – including myself – believe that any and every site can be hacked. Therefore, in an effort to protect our companies and the businesses and individuals we serve, our goal is to provide comprehensive cybersecurity education to all employees while striving to be aware of all data security issues that may have occurred. Hopefully we will know about any data breach long before cybercriminals have a chance to post information on the Internet or before our businesses are notified of an issue by the FBI or Secret Service.

Want to know why data security professionals say that your company’s employees are your weakest link? This video highlights a common security breach method used by hackers to gain access to your company.

You can take a proactive stance against cybercriminals with the following data security protocols.

Don’t just install a firewall, constantly monitor your firewall. Your IT team can constantly monitor your company’s firewall through the use of Security Information and Event Management (SIEM) or Intrusion Detection Systems (IDS) programs. You can also work with an external service provider to provide this essential service.

Passwords are powerful, protect them. Require your employees to use complex passwords to log onto your company’s network and change those passwords regularly. Secondary authentication is also important to use wherever possible.

Don’t wait for disaster to strike – actively defend your company. Routinely test the access controls of your employees. Not all employees require access to all company data. Instead, only grant access to the data your employees need to do their jobs.

Educate, educate, educate. It seems like there are new phishing attempts, ransomware attacks and malware issues every day. But just because you hear that they are happening doesn’t mean your employees are aware. Make sure you keep your employees up to speed. Doing so may just stop them from clicking on a potentially dangerous email.

If, for whatever reason, you do decide to store your company’s data on the cloud, be sure to thoroughly investigate the cloud environment you intend to use. Then, pay close attention to whether the provider’s security controls and processes, including rollover sites or backup and testing procedures, adhere to industry standards. It’s also best practice to request a SOC (Service Organization Controls) report from your cloud provider.

At the end of the day, all you can do is take ownership of your data and be proactive when it comes to verifying the safety and security of your organization’s data. Email Rea & Associates to learn more.

Would you be able to effectively manage the fallout of a data breach? If you aren’t sure, keep reading.

It was 2013 when a medium-sized library in Ohio found itself in the midst of a data breach that would later serve as a powerful case study warning against the very real threat of electronic fraud. While originally developed by the Ohio Auditor of State’s office as a tool for government entities throughout the state, Cash Management 240: Financial Fraud – A Case Study, has found usefulness beyond just the government sphere.

Leaders of not-for-profit organizations and for-profit business owners would also find value in this resource, which outlines:

the events that resulted in the occurrence of the data breach,

the reaction of entity officials during and after the breach was detected, and

the short- and long-term outcomes that resulted from the breach.

While I strongly recommend that you read the entire case study, I provide a brief overview of the story below.

How would you respond to a data breach?

Library officials were notified of the occurrence of fraudulent activity impacting the entity’s checking account in March of 2013. According to the bank, the fraudulent activity appeared to be limited to three transactions, totaling $144,743. Fortunately, bank officials were proactive in their efforts to recall the transactions.

In an effort to avoid further fraudulent activity, library officials decided to disconnect the accounting workstations from the entity’s network and proceeded to contact their technology vendor, who advised the library to proceed with reformatting both accounting workstations immediately. Soon thereafter, library officials contacted the local police station to report the incident, closed the entity’s existing bank accounts and opened new ones, and notified employees of the data breach as well as the board of directors.

Due to the nature of the breach, it didn’t take long before the Ohio Auditor of State’s office and the FBI were notified of the incident as well. And, in an effort to try and reclaim some of the money that was stolen, a claim was filed with the entity’s insurance carrier. Finally, the library’s bank was able to successfully recover $54,910 of the amount that was stolen. In 2014, when the case study was released, the library was still in the process of negotiating with the bank regarding $89,833 that was still missing.

So, what do you think? Would you say that the library officials were effective in their management of the data breach? What would you do if your company or nonprofit found itself in a similar situation?

Well, according to the FBI, the library could have handled the situation better. For example, the library should not have reformatted the workstations. The FBI and local police force should have been contacted immediately. And finally, the entity should have followed all instructions mandated by the bank to eliminate the possibility of such fraudulent activity.

Since its 2013 data breach, the library:

Is now required by the bank to follow the ACH Originator Agreement.

Has designated one stand-alone PC to be used for online banking.

Has requested online access from only one IP address.

Has purchased a cybercrime policy.

Has revisited its banking RFP to include a section regarding online banking security minimums.

Do you have a plan to help deter cybercrime?

The above scenario is just one of the countless cybercrimes that occur every day, and every type of business, entity and organization is being impacted. If you don’t have a plan in place to help prevent cybercriminals from infiltrating your network and stealing your data for financial gain, or a strategy to recover once a breach has been identified, you are in a very vulnerable position.

I believe that in order to protect against a cybercrime attack, it’s important to be armed with as much knowledge as possible. On Sept. 7, 2016, FBI Agent David Fine will be the featured presenter of part two of the Columbus Cybersecurity Series. During this portion of the presentation, attendees will hear real-life examples of attacks on businesses, including what schemes are prevalent today. Audience members will also discover the very real impact these attacks have on companies and what they can do to deter an attack from occurring in their own business or organization.

Could Your Computer Make You A Target For Fraudsters?

Learn how to keep your computer safe from this new scam.

There is a new scam making the rounds and if you have a Dell computer you could be at risk.

KnowBe4 recently published a blog informing users of the newest security issue, which has apparently left owners of Dell computers vulnerable to scammers who have been able to capture their computer’s unique tag ID (the unique sticker on your desktop or laptop) from Dell’s database.

Fraudsters proceed to call potential victims and attempt to gain access to their personal computer by claiming that there is a problem with their computer – the stolen information is then used to establish credibility. Once the fraudster convinces their victim to grant them remote access to their desktop or laptop to “fix” the problem, the scam is complete and the security of your personal information has been compromised. In other words, your personal information (such as credit card numbers, banking information, Social Security number, contact information, etc.) is no longer personal.

Dell has said that the company is investigating the issue but, at this time, offers little to no explanation for the alleged breach. Rather, the company is quick to point customers to this October 2, 2015 post advising of tech support phone scams.

According to the KnowBe4 blog post, this scam is similar to a Microsoft tech support scam where fraudsters call PC users with a similar request – to be allowed to gain remote access to a computer to fix an alleged problem.

“End-users gullible enough to give access to their workstations (usually via remote software), are billed hundreds of dollars on their credit card but the scammers, of course, don’t fix anything – in some cases their PC’s are infected with ransomware until they pay up.”

Protect Yourself

This is a great time to educate yourself and your employees about ways to keep your company’s data, computers and other devices safe. For example, if you do get a suspicious call, refrain from providing any information to the caller. Instead, insist that you will call them back. When you do return the call, use a phone number you know to be accurate or visit the company’s website for the phone number. Never call back the number that shows up on your caller ID. Another way to determine if the number is legit is to search the number in Google. This is a fairly accurate way to determine the validity of the call.

Have you been a victim of identity theft? Read on to start recovering today.

It seems that a new scam pops up every week. Fortunately, education and a little common sense are the key to ensuring your safety.

Would you like help putting controls in place to protect your business from becoming victimized by an opportunistic hacker? Email Rea & Associates and request to speak with a member of our IT audit team. For more tips and insight, take a look at the related articles below.

2015’s Most Popular Blog Posts

If you take a moment to scroll through the list of categories, authors and archives on the right-hand side of this page, it’s pretty clear to see just how active Rea’s team of experts is when it comes to providing leaders in the business community with accurate, timely and easy-to-digest content. We are fortunate to have so much experience and expertise on our staff, and their eagerness to serve you better has allowed us to maintain a bi-weekly electronic newsletter, a quarterly print newsletter, three blogs and a handful of electronic segment-specific newsletters. That’s a lot of content – but we are not even thinking about slowing down! I hope you hang around my lily pad for a while. I’m pretty sure you’ll find a lot of great little tidbits to read about in 2016 too. Until then, I want to invite you to take a look at some of our most popular blog posts and articles. And, if you haven’t already, take a moment to look through the newsletters we offer and sign up to have news, tips and valuable information delivered to your inbox all year long!

Dear Drebit is updated every few days with timely information and advice. In addition to covering current trends and issues, readers are also invited to ask financial and business questions on the page, which will be answered by one of Rea’s industry experts. Here are last year’s top posts:

Brushing Up: The Dental Accounting Blog features a variety of finance and business advice specifically tailored to dental professionals. From purchasing a practice, knowing what to expect from a career in dentistry and hiring the best staff for your practice to general accounting advice, tips for cashing out at retirement and tax tips, this blog is a valuable tool for dental professionals who are looking for ways to secure long-term success in their career. The year’s most-read blog posts are:

The Cultivating Your Business blog is a resource provided to clients and visitors on the firm’s Know & Grow website. Updated a few times per month, business owners have access to advice, tips and general insight into how to grow their businesses and realize an optimal return on their investment upon retirement. Here are the top blog posts from last year:

In addition to our blogs, the Rea team publishes a lot of other valuable content in print and electronic newsletters. We make sure that all these articles are easily accessible in our article library. This is where you will find many of our niche pieces as well as a lot of general accounting tips and insights. Take a look at some of our most popular posts over the last year.

Identity theft is a scary thing and you don’t want to become a victim. Take some steps now to protect yourself in the future.

December is National ID Theft Awareness Month and the fraud prevention team at Rea is a wealth of information when it comes to sharing great tips to help taxpayers protect their identities from fraudsters. Instead of scrolling past posts in our expansive article library or award-winning blog, we’ve compiled this Top 5 list to make your search for information easier. Read on to discover how you can prevent cyber criminals from hijacking your identity all year long.

WARNING: Tis The Season To Practice Safe Online Shopping Habits: While it may be the most wonderful time of the year, cyber criminals are looking for ways to stuff their own stockings – at your expense. The holiday season is also a busy time of the year for scammers because, in general, more money is being spent and more people are clicking through cyberspace for the best deals and tracking their purchases. Find out what you can do to keep your identity safe this Holiday season.

Cyber Crime: It Can Happen To You: Fraudsters don’t take holidays. In fact, they tend to be more active this time of year because they believe we are more likely to let our guards down. I don’t intend on falling for any of their traps, and I encourage you to do the same.

Malware Threat Spreads To Smart Phones: Researchers and IT security experts from ESET, a global IT security company, recently announced that they had discovered a malware application that is designed to encrypt files and change PINs on Android devices in the United States. In return, hackers demand that victims pay up to the tune of $500. Only then will hackers provide users with the recovery key. Keep reading to learn how you can protect yourself.

Should I Still Be Concerned About Identity Theft And Tax Fraud?: Identity theft and tax fraud are problems that show no signs of stopping. In 2015, in an attempt to provide an added layer of protection, taxpayers in Ohio had the opportunity to get up close and personal with the Ohio Department of Taxation’s (ODT) newest fraud safety measure – the Identification Confirmation Quiz. Read on to see how this quiz has helped reduce fraud in Ohio.

How To Recover From Identity Theft & Refund Fraud: Suspecting, and then confirming, that you’ve had your identity stolen is a nightmarish scenario. It combines one of your worst fears, losing your wallet or purse, with all of the work of replacing the things that were lost. It can be so overwhelming you might be wondering: “Where do I even start?” We can help you answer that question.


Want to learn more about keeping your identity safe? Email the team at Rea & Associates. Our fraud prevention specialists can be an important part of keeping your information protected.

According to the digital media analytics company comScore, between the months of December and March 2015, more than 187.5 million people in the U.S. owned smartphones. During that time, Google Android led the pack as the number one smartphone platform with 52.4 percent platform market share. In other words … that’s a lot of potential LockerPIN victims.

Would You Pay A Hacker’s Ransom If Your Phone’s Data Was At Risk?

Researchers and IT security experts from ESET, a global IT security company, recently announced that they had discovered a malware application that is designed to encrypt files and change PINs on Android devices in the United States. In return, hackers demand that victims pay up to the tune of $500. Only then will hackers provide users with the recovery key.

If it continues to spread, this form of malware could result in a staggering number of victims. Once again we are reminded of how important it is to vigilantly protect ourselves against fraudsters who will continue to exploit such weaknesses in our technological infrastructure.


Malware Goes Mobile

The malware, called LockerPIN, spreads via third-party applications, which are downloaded by the user to their Android device. Similar to the CryptoLocker and CryptoWall malware that has inundated users over the past several years, LockerPIN extends this kind of malware’s reach to the mobile user.

Originally discovered in Ukraine in 2014, the malware has been modified to the point that it is just now making its North American debut. Disguised as a system update, the application changes the user’s PIN to a random setting without their knowledge. The worst part? The only known recovery solution is to perform a complete factory reset, which will result in the loss of all your data.

Fair Warning

It’s only a matter of time before this malware progresses to the point of being able to infect all phones. In the meantime, there are actions you can take to protect yourself.

1) Never download apps outside of certified app stores.

2) Back up your mobile devices to your computer or to the cloud regularly.

3) Do not grant administrator privileges to apps unless you truly trust them.